Google Cloud Platform VPC Out-of-the-box Data Collection Integration

Notes
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
In this article, you will find out how to configure Google Cloud Platform (GCP) VPC to pull and collect data from your network in the form of logs, and have it sent to Lumu to be analyzed to improve the monitoring & response capabilities of your organization.

Requirements

  1. A GCP Virtual Private Cloud. To learn more, refer to the GCP official documentation.
  2. A Google Cloud project. If you do not have one, please follow the official Google Cloud tutorial.
  3. An active Lumu Defender/Lumu Insights subscription 

Notes
Lumu paid customers can unlock the full power of our Out-of-the-box integrations; however, Lumu Free customers can also enjoy their benefits with a few limitations. Take a look at our website and our documentation to learn more about our subscription tiers.

Configure Google Cloud Projects 

Google Cloud services allow managing APIs, adding and removing collaborators, and managing permissions for Google Cloud resources. In this section, we will go through the configuration required in GCP to activate the OOTB integration.

Google Cloud stores logs in a general storage utility per project. This means that all the available DNS zones and VPCs that are part of a cloud project may generate and save different sorts of logs, including but not limited to TCP/UDP packets, DNS queries, or DNS packets, and these will be reflected in your logging explorer utility.


Bear in mind that two different projects will have two different logging buckets. To retrieve logs from both of them, you must set up two OOTB Lumu integrations, one per project.

Enabling logs for your VPC network

You will need to enable DNS logging on your VPC network. Once done, you should see the DNS policy available in your VPC network details.


IAM configuration

You must create a new service account and a new IAM role, which must be a “Logs Viewer” role. Then go to your IAM permissions section and add the role to the service account you just created.
Alert
It is vital to create an account key for this service account and download it as a JSON file. You will need it later to create the OOTB integration.

Once added, you should see the service account in the principals' permissions details.
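
Before uploading the key, it is worth confirming that the service account can read logs and nothing more. The following check is an added example, not part of Lumu's or Google's tooling: it compares the downloaded key file with the project IAM policy (as exported by `gcloud projects get-iam-policy PROJECT_ID --format=json`). It assumes the predefined role `roles/logging.viewer` is the “Logs Viewer” role in use; the project, account, and key values are constructed placeholders.

```python
import json

REQUIRED_KEY_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")
EXPECTED_ROLE = "roles/logging.viewer"  # assumption: predefined "Logs Viewer" role


def audit_collector_account(key_json: str, policy_json: str, project_id: str) -> list[str]:
    """Return a list of findings; an empty list means key and bindings look right."""
    findings = []
    key = json.loads(key_json)
    missing = [f for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if missing:
        findings.append(f"key file is missing fields: {', '.join(missing)}")
    if key.get("type") != "service_account":
        findings.append("key file is not a service account key")
    if key.get("project_id") != project_id:
        findings.append("key belongs to a different project than the one entered")
    # Collect every project-level role bound to this service account.
    member = f"serviceAccount:{key.get('client_email')}"
    roles = sorted(b["role"] for b in json.loads(policy_json).get("bindings", [])
                   if member in b.get("members", []))
    if EXPECTED_ROLE not in roles:
        findings.append(f"{member} lacks {EXPECTED_ROLE}")
    extra = [r for r in roles if r != EXPECTED_ROLE]
    if extra:
        findings.append(f"{member} holds roles beyond log reading: {', '.join(extra)}")
    return findings


# Constructed sample inputs (placeholder project, account and key material).
SA = "lumu-collector@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "<constructed placeholder, not a real key>",
    "client_email": SA,
})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/logging.viewer", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA}", "user:admin@example.com"]},
]})

if __name__ == "__main__":
    for finding in audit_collector_account(SAMPLE_KEY, SAMPLE_POLICY, "example-project"):
        print("FINDING:", finding)
```

The check only sees bindings in the project-level policy; roles inherited from a folder or organization and conditional bindings need a separate review.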


Add Integration

To start collecting data from the GCP VPC, it is necessary to configure the Lumu integration using the values obtained in the first section of this article. Here, you will find instructions on how to configure each of these parameters.
1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen. Locate the GCP VPC Data Collection integration in the available apps area and click to add it. Then click to view details.


2. Familiarize yourself with the integration details available in the app description. Click the button below to add the integration.


3. Assign an identifiable name to the integration. By default, this integration will be tagged as unlabeled activity; however, you can select a label of your preference for additional visibility. 
Notes
It is always recommended to assign a label to prioritize findings within the traffic of your organization. To learn more, refer to our article about Labels.


4. Add the GCP credentials: Google Cloud Project ID and Service Account Key. These parameters were obtained in the steps of the Configure Google Cloud Projects section. Now select “Activate”.


5. The integration is now created and active. You can find the integration and some additional details by going to the Configured Apps section and looking for the available apps.


Setup Grouping Rules

Grouping Rules are powerful tools to organize and streamline the traffic received by your collectors by making full use of Lumu’s Labels. Consult the relevant article on our technical documentation to learn more about Grouping Rules.

